Managed Sentinel – Alert 028

Alert ID: MS-A028
Alert Name: DNS high reverse DNS count (Outlier)
Description: Clients with a high reverse DNS count could be carrying out scanning activity.
Source: GitHub - Microsoft
Severity Level: Low
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Discovery
Log sources: DNS Logs
False Positives: Unknown
Recommendations: It is recommended to review the Firewall\Webproxy logs in relation to the ClientIP making the DNS requests.